1. Foreman 3.18 release notes

1.1. Headline features

1.1.1. Infrastructure & platform updates

GRUB1 template support removed

Legacy GRUB (GRUB1) templates are no longer supported. Most distributions switched to GRUB2 by 2014, and maintaining GRUB1 support was causing compatibility issues with newer systems. Systems still using GRUB1 for provisioning must migrate to GRUB2 before upgrading.

1.1.2. Networking & connectivity

SSH certificate support for remote execution

Smart Proxies can now use SSH certificates signed by a trusted certificate authority (CA) during remote execution connections. By enabling this feature, you can avoid the default Trust on First Use (TOFU) model, and benefit from centralized trust management and revocation capabilities.

1.2. Upgrade warnings

NodeJS 18 no longer supported

NodeJS 18 support has been removed. Foreman now requires NodeJS 22 or later for development and building assets.

Application Centric Deployment (ACD) plugin removed

The ACD plugins for Foreman server and Smart Proxy servers have been removed. Ensure that you uninstall the plugin before upgrading to Foreman 3.18. For more information, see Deinstallation in foreman_acd.

1.3. Deprecations

ForemanModal component deprecated

The ForemanModal component in Foreman core is now deprecated. If you are a plugin maintainer, migrate your plugin to PatternFly 5 modal components.

PatternFly 3 select form field deprecated

The PatternFly 3 select form field component is deprecated. PatternFly 5 Select components are used instead.

2. Katello 4.20 release notes

2.1. Headline features

New container images page

The new Container Images page shows information about synced and booted container images. For synced images, view and copy pullable paths by content view environments. See manifests within a manifest list. Discern between normal, bootable, and flatpak images. For booted images, see which container images bootc hosts in your environment are running. https://projects.theforeman.org/issues/38942

Transient packages

Transient packages are RPMs installed temporarily on bootc machines during runtime. After rebooting, due to the immutable nature of bootc machines, these RPMs are gone. These RPMs can be persisted in the bootable container image using the new containerfile install command generator (below).

Katello helps track transient packages on the host packages tab of a bootc host. A new column shows package persistence information: persistent, transient, or unreported (a dash character). Filter or sort by persistence with new UI dropdowns.

Note
 Transient package data will be available in a future release of subscription-manager. Until it is shipped, persistence data will be unknown. https://projects.theforeman.org/issues/38911
Containerfile install command tool

This new tool allows users to generate a dnf install command for all selected transient packages on a bootc host. Paste this command into your bootable container image’s containerfile (and rebuild the image) to persistently install these packages.

Supports free selection of RPMs with transient or unreported persistence. Available through the UI host packages tab, the API, and hammer. https://projects.theforeman.org/issues/38931

Lifecycle environments for rolling content views

By default, rolling content views are now created with no lifecycle environment. Previously, they were assigned to the Library lifecycle environment. You can assign a lifecycle environment to a rolling content view and use it just like regular content views. This change should allow rolling content views to be more easily synced to smart proxies, without having to commit the bad practice of assigning the Library lifecycle environment to smart proxies. https://projects.theforeman.org/issues/38477

Flatpak management improvements

Added an informational alert in the Create Flatpak Remote modal that guides users through Red Hat flatpak remote setup. Features one-click URL population and a direct link to credential generation.

Added dependency detection and warnings for flatpak applications. Shows dependency alerts during mirror repository operations and displays warnings during Content View publishing when flatpak apps are included but required runtimes may not be available.

Fixed container registry authentication to properly scope content access. Unregistered hosts see all unauthorized content, basic auth shows user content plus unauthorized content, and certificate auth properly limits content to the host’s content view environments only. https://projects.theforeman.org/issues/38810

Multiple content view environments improvements

MultiCV is now enabled by default. You do not need to change a Setting in order to assign multiple content view environments.

In addition to viewing multiple content view environment assignments, you can now assign and reorder multiple content view environments in the web UI:

  • To an activation key via the Activation Key create and details pages

  • To a single host via the host details page

  • To multiple hosts via Hosts > All Hosts > kebab menu bulk action

https://projects.theforeman.org/issues/38919

New All Hosts UI improvements

System Purpose and Release Version added to Host bulk actions. You can now edit System Purpose attributes and release version for multiple hosts on the All Hosts page. https://projects.theforeman.org/issues/38881

Manage Traces added to Host bulk actions. You can now resolve Traces on multiple hosts on the All Hosts page. https://projects.theforeman.org/issues/38876

CSV Export. You can now export the All Hosts table to CSV in the new UI. https://projects.theforeman.org/issues/38940

New column available in hammer host list

You can now add the "Last checkin" column to the fields displayed by hammer host list.

2.2. Upgrade warnings

There are no upgrade warnings with Katello 4.20.

2.3. Deprecations

There are no deprecations with Katello 4.20.

3. Foreman 3.18.0

You can find the complete list of changes on Redmine.

3.1. Foreman

  • Remove exit calls from recurring rake tasks - #39057

  • Login delegation logout URL fails to redirect to external auth source - #39053

  • PostgreSQL process name pattern is wrong in PCP foreman-hotproc config file - #39050

  • Deprecate ForemanModal in the core - #39048

  • saltstack_setup: Use systemctl to enable salt-minion instead of chkconfig - #39043

  • pry-remote does not work at all when pry-byebug is enabled - #39039

  • Fix action button handling for plugins - #39038

  • BIOS info is not populated in All hosts page and in Host Details tab - #39036

  • Add new dynflow table to schema dumper ignore list - #39035

  • Replace useForemanModal in HostsIndex - #39027

  • Hide taxonomy options from API docs for taxonomy resources - #39025

  • Hosts index page incorrectly uses array index as React key for table rows - #39016

  • User.current not reloadable in dev console environment - #39014

  • Scoped order is ignored, it's forced to be batch order error displayed on application startup - #39007

  • ForemanContext app metadata registry values are only evaluated at app startup; should be evaluated at runtime instead - #38986

  • HostsController#template_used - find resource in before_action - #38983

  • Drop NodeJS 18 support - #38979

  • Allow newer dynflow - #38975

  • Fix NTP config in autoyast - #38959

  • Add Foreman::Cron and cron:* rake tasks as generic entrypoints for recurring jobs - #38956

  • Run power state bulk action on new Host Overview page - #38948

  • test/unit/puppet_fact_parser_test.rb tests are failing - #38944

  • Implement CSV exports on the hosts overview - #38941

  • Web UI: Kebab menu on Hosts > All Hosts does not close when clicking anywhere on screen - #38936

  • Cannot perform LEAPP upgrade when RHEL 9.7 os object already exists - #38930

  • Show logo on new host overview page - #38926

  • Webhook Events for config_report event - #38915

  • Host #template_kinds does not return image template kind when compute attributes are not set - #38910

  • Add Cloud Billing Details card to Host Details page - #38888

  • Support for Agama installer (SLES16) - #38877

  • Search is cleared when using bottom pagination on All Hosts page - #38858

  • Move AutocompleteInput to foremanCore - #38852

  • Update InputFactory component to PF5 - #38842

  • Introduce SSH certificate support in templates - #38499

  • Automatic firmware selection for VMware is not working on the `compute_attributes` form - #37834

  • Add snapshot tests for global_registration.erb - #37789

3.1.1. Compute resources

  • Not all old GCE files are cleaned up - #39020

3.1.2. Compute resources - OpenStack

  • Add support for assigning fixed IPv4 addresses to OpenStack hosts - #38742

3.1.3. DB migrations

  • Remove grub templates - #38974

3.1.4. Host creation

  • Add logging to Unattended#host_template - #39023

3.1.5. Inventory

  • Change Hostgroup form on new UI needs to show full nested structure, not just names - #38827

  • Manage Columns modal extends offscreen and hides Save button - #38761

  • Manage columns does not pre-check boxes of displayed columns for users without table preferences - #38453

3.1.6. JavaScript stack

  • Add global css override for PF lists and labels - #39033

  • Deprecate pf3 select form field - #38998

  • Add @patternfly/react-templates - #38978

3.1.7. Logging

  • Log file count can reach max int for `logs_id_seq` - #38949

3.1.8. Notifications

  • Notifications title is cut by the header when instance title is set - #39069

3.1.9. Orchestration

  • Queue Orchestration::Templates only for Host::Managed class - #38976

3.1.10. Parameters

  • scoped_search fails with undefined method `subtree_ids' for nil:NilClass when host belongs to a hostgroup and hostgroup parameter is orphaned - #39002

  • Fix host_param macro to include transient parameters for new hosts - #38939

3.1.11. Reporting

  • Add Cloud Billing Metadata inclusion options to Host - Installed Products report template - #38920

3.1.12. Security

  • CVE-2025-9572: GraphQL API permission bypass leads to information disclosure - #38913

3.1.13. Templates

  • Fix NoMethodError in provisioning templates during dual-stack fallback - #39046

3.1.14. Tests

  • Subnet factories use the wrong proxy for HTTPBoot feature - #39045

  • Remove static wrapper methods for host fixtures in TemplateSnapshotService - #39044

  • "should update libvirt compute resource with locs" test is flaky due to array ordering differences - #39037

  • Preseed snapshots are not validated in tests - #39012

  • cloud-init snapshots are not validated in tests - #39006

  • Provisioning snapshots for Debian use RHEL-style partition table - #39005

  • Update ForemanContext mock to include all metadata - #39004

  • Improve output of KS validation test - #39001

  • Kickstart snapshots for EL10 are missing during tests - #38999

  • Refactor Slot.test.js to react testing library - #38971

  • Fix snapshot generation to generate the correct subnets - #35779

3.1.15. Unattended installations

  • Unattended::HostFinder - track search method - #39029

  • Support multiple timesource --ntp-server entries - #38173

3.1.16. Users, Roles and Permissions

  • Context-based permission management in React frontend - #37665

3.1.17. Web Interface

  • Update DateTimePicker to pf5 - #38962

  • Breadcrumb switcher for Module stream details shows multiple entries - #38895

  • Add a 'Compact' UI setting for tables - #38322

3.2. Installer

  • Add salt minimum auth version - #38964

  • Add support for openbolt plugin - #38963

  • Remove ACD plugin from installer - #38841

3.3. SELinux

3.3.1. Plugins

  • SELinux prevents foreman_kubevirt from connecting to the OpenShift API - #38987

3.4. Smart Proxy

  • Smart Proxy breaks IPMI support - #38783

4. Katello 4.20.0

You can find the complete list of changes on Redmine.

4.1. Katello

  • Puma freezes when making HTTP requests that invoke code reload in dev - #38961

  • Smart Proxy container repository complete sync fails with 'find' nil error - #38922

  • Enable multiCV by default - #38919

  • Republish repository metadata action should update Deb content URL options when needed - #38912

4.1.1. API

  • Remove deprecated field from docker repo authentication tokens - #36888

4.1.2. Activation Key

  • When editing activation key description, Web UI freezes - #39052

  • As a user, I want to assign multiple content view environments to an activation key via web UI - #39019

  • Multiple content view environments for activation keys do not follow prioritization rules - #38651

4.1.3. Container

  • Revoking registry token does not prevent access to registry - #39042

  • Remove gap below tabs on Container Images page - #39031

  • As a user, I can easily copy a Containerfile RUN command with select packages from a host's transiently installed package list via the UI - #38989

  • Page doesn't refresh when navigating back to Container Images via Menu - #38985

  • `containerfile_install_command` API endpoint does not return all transient packages - #38952

  • Add Container images to main navigation and remove it out of experimental labs - #38942

  • As a user I have some dependency indicators on the UI - #38908

  • Ability to view/copy "pullable path" for container tags - #38906

  • Unauth container content from different orgs shows up for registered hosts - #38878

4.1.4. Content Views

  • repository_errata for CV repositories missing PRNs at run time - #39041

  • Use execution plan callbacks to orchestrate CV auto publish - #39034

  • Expand structured APT fallback mechanism for deb content - #38907

  • Composite content views can update twice due to a single incremental update of a child content view - #38460

4.1.5. Foreman Proxy Content

  • N-1/N-2 smart proxy sync fails with error Unable to update hosts ([RestClient::NotFound: 404 Not Found)] - #38954

  • Smart proxy sync fails to update hosts table - #38862

4.1.6. Hosts

  • Replace useForemanModal in Katello Hosts/BulkActions - #39047

  • Add note about persistence data being available in future versions of sub-man - #39022

  • As a user, I want to assign multiple content view environments to multiple Hosts via Bulk action in web UI - #39021

  • As a user, I want to assign multiple content view environments to a single host via WebUI - #39010

  • Katello:clean_backend_object takes a long time to complete - #38997

  • remove PXEGrub setting from Content settings - #38988

  • Host Collections are nested under Hosts/Templates instead of just Hosts - #38977

  • Implement CSV exports on the hosts overview - #38940

  • Remove the Content Host legacy UI - #38933

  • As a user, I can fetch a Containerfile RUN command with select packages from a host's transiently installed package list via the API - #38931

  • Allow scoped search on 'persistence' field at `/api/v2/hosts/:id/packages` - #38924

  • Registration fails if @rhsm_url is http, not https - #38917

  • As a user, I can see the persistence state of RPMs installed on hosts via the API - #38911

  • TypeError: Cannot read properties of undefined (reading 'RowSelectTd') errors on HostsIndex wizards - #38882

  • Add System Purpose & Release version to host bulk actions - #38881

  • Debian repos are shown multiple times on the new host details page in repo sets for multi-cves - #38699

4.1.7. Localization

  • i18n constants used as object keys for certain SelectableDropdown filters - #38995

4.1.8. Organizations and Locations

  • Hide taxonomy options from API docs for taxonomy resources - #39026

4.1.9. Repositories

  • There is no progress displayed while the Flatpak scan task is running - #39030

  • Update the Recommended Repositories page to change the Red Hat Satellite Capsule, Maintenance and Utils repositories from version 6.18 to 6.19 for RHEL 9 - #39011

  • Make RH flatpak help visible for every org instead of checking for one in any org + other UX feedback - #38945

  • 500 request failed on deb packages search query field shown - #38935

  • Unpin pulp-rpm-client 3.32.2 - #38832

4.1.10. Subscriptions

  • Remove usage from ManageManifestModal - #39028

  • Rewrite class-based React components as functions with hooks (Red Hat Repositories page, Subscriptions page) - #38903

  • Content > Subscriptions stuck in loading state if organization GET ends with 403 - #38774

4.1.11. Tests

  • Update Debian ptable factory - #39008

  • Convert Module Stream tests from snapshot to RTL - #38897

  • Convert RedHat Repositories tests from snapshot to RTL - #38896

4.1.12. Tooling

  • Remove unused host_tasks_workers_pool_size setting - #38990

4.1.13. Web UI

  • As a user, I can see the persistence state of RPMs installed on hosts via the Web UI - #38934

  • Breadcrumb switcher for Module stream details shows multiple entries - #36929

4.1.14. katello-tracer

  • Add bulk Traces to HostsIndex - #38876

Appendix A: Foreman contributors

We’d like to thank the following people who contributed to the Foreman 3.18 release:

Adam Lazik, Adam Růžička, Adrian Parreiras Horta, Archana Kumari, Arvind Jangir, Bernhard Suttner, Chris Roberts, EnigmaXV, Eric Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Francesco Di Nucci, Giovanni Formisano, Jeremy Lenz, Jonathon Turel, Kajinami Takashi, Kenyon Ralph, Konstantinos Familonidis, Leos Stejskal, Lucy Fu, Lukas Jezek, MarcWort, Maria Agaphontzev, Markus Reisner, Maximilian Kolb, Nadja Heitmann, Nakul Pathak, Nofar Alfassi, Oleh Fedorenko, Ondřej Gajdušek, Pablo Méndez Hernández, Pat Riehecky, Peter Ondrejka, Ryan, Shimon Shtein, Takashi Kajinami, Thorben Denzer, Tim Meusel, Titani Labaj

As well as all users who helped test releases, report bugs and provide feedback on the project.

Appendix B: Katello contributors

Abhishek Bongale Aiden Fine amol patil Bernhard Suttner Chris Roberts Evgeni Golov Giovanni Formisano Ian Ballou Jeremy Lenz Jonathon Turel Lucy Fu Lukáš Ježek Nofar Oleh Fedorenko Pavan Soma Shekar Quinn James Quirin Pamp Samir Jha Vladimir Sedmik Zach Huntington-Meath

Pre-release version Report issue